
Add CVE-2025-24016: Wazuh Unsafe Deserialization RCE Detection template #11616

Open
wants to merge 2 commits into base: main

Conversation

huseyinstif

This pull request adds a new template to detect the Wazuh Unsafe Deserialization vulnerability, identified as CVE-2025-24016. The vulnerability arises from the improper deserialization of JSON data using the as_wazuh_object function in Wazuh servers. An attacker can inject a malicious object via the __unhandled_exc__ key to trigger a NameError, indicating that the payload reached the vulnerable code path and potentially allowing remote code execution.

Key Points:

  • Vulnerability: Unsafe deserialization in Wazuh DistributedAPI.
  • Detection Method: The template sends a specially crafted payload with a non-existent class ("NotARealClass") to trigger a NameError.
  • Validation: The template has been validated locally and reliably detects vulnerable instances by confirming an HTTP 500 response with "NameError" in the response body.
  • Impact: Exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected servers, leading to system compromise.

This template provides a robust detection mechanism for researchers and penetration testers to identify and address the vulnerability in Wazuh deployments.

Please review the changes and let me know if further adjustments are needed.
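A simplified model of the deserialization pattern the description refers to, added here as an example and not code from this PR or from Wazuh: `unsafe_hook` resolves the class name by evaluating it, so the `NotARealClass` probe described above surfaces as a NameError, while `safe_hook` only rebuilds allowlisted exception types and rejects anything else with a controlled error. The `__class__`/`__args__` field names, the allowlist contents and the probe payload are constructed assumptions.

```python
import json

# Constructed probe in the shape the description gives: an __unhandled_exc__
# object naming a class that does not exist anywhere in the process.
PROBE = '{"__unhandled_exc__": {"__class__": "NotARealClass", "__args__": ["x"]}}'


def unsafe_hook(dct):
    """Model of the unsafe pattern (assumption, not Wazuh's code): the class
    name taken from untrusted JSON is evaluated. An undefined name raises
    NameError, which is the signal the template matches on; a defined name
    would be executed."""
    if "__unhandled_exc__" in dct:
        exc = dct["__unhandled_exc__"]
        return eval(exc["__class__"])(*exc["__args__"])  # deliberately unsafe model
    return dct


# Hardened form: only exception types that are explicitly registered may be
# rebuilt, and arguments are restricted to plain scalars.
ALLOWED_EXCEPTIONS = {"ValueError": ValueError, "KeyError": KeyError}


def safe_hook(dct):
    if "__unhandled_exc__" in dct:
        exc = dct["__unhandled_exc__"]
        cls = ALLOWED_EXCEPTIONS.get(exc.get("__class__"))
        if cls is None:
            # Unknown name: reject explicitly instead of letting a NameError
            # (or worse, a successful lookup) leak out of the hook.
            raise ValueError("refusing to deserialize unknown exception class")
        args = exc.get("__args__", [])
        if not isinstance(args, list) or not all(isinstance(a, (str, int)) for a in args):
            raise ValueError("exception args must be a list of scalars")
        return cls(*args)
    return dct


def deserialize(payload, hook):
    """Parse JSON, letting `hook` rebuild any object that carries __unhandled_exc__."""
    return json.loads(payload, object_hook=hook)


def classify(payload, hook):
    """Report how a deserializer reacts to a payload: 'NameError' is the
    vulnerable-path indicator, 'rejected' is the hardened hook's controlled refusal."""
    try:
        deserialize(payload, hook)
        return "ok"
    except NameError:
        return "NameError"
    except ValueError:
        return "rejected"
```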

@GeorginaReeder

Thanks for your contribution @huseyinstif ! :)

@ritikchaddha
Contributor

Hello @huseyinstif, thank you for sharing this template with us. Could you please provide the debug data to validate this template? You can obtain the debug data by using the -debug flag after the command in the CLI.

@ritikchaddha added the "good first issue" (Good for newcomers) label on Feb 23, 2025

3 participants